South Korea cyber attack traced to China server

21 March 2013
By Sofia Mitra-Thakur
Mobile version
Share |
Seoul investigators check KBS's hardware at the Cyber Terror Response Centre of National Police Agency

Seoul investigators check KBS's hardware at the Cyber Terror Response Centre of National Police Agency

A hacking attack that brought down three South Korean broadcasters and two major banks has been identified by most commentators as North Korea flexing its muscles as military tensions on the divided peninsula rapidly escalate.

Officials in Seoul traced the breach to a server in China, a country that has been used by North Korean hackers in the past. 

That reinforces the vulnerability of South Korea, the world's 'most wired' economy, to unconventional warfare.

China's Foreign Ministry said that hacking attacks were a "global problem", anonymous and cross-border.

"Hackers often use the IP addresses of other countries to carry out their attacks," ministry spokesman Hong Lei said.

One government official in Seoul directly blamed Pyongyang, although police and the country's computer-crime agency said it would take months to firmly establish responsibility.

Jang Se-yul, a former North Korean soldier who went to a military college in Pyongyang to groom hackers and who defected to the South in 2008, estimates the North has some 3,000 troops, including 600 professional hackers, in its cyber-unit.

Jang's alma mater, the Mirim University, is now called the University of Automation. It was set up in the late 1980s to help North Korea's military automation and has a special class in professional hacking.

The North's professional 'cyber-warriors' enjoy perks such as luxury apartments for their role in what Pyongyang has defined as a new front in its 'war' against the South, Jang said.

"I don't think they will stop at a temporary malfunction. North Korea can easily bring down another country in a cyber-warfare attack," Jang said.

Like much about North Korea, its true cyber capabilities are hard to determine. The vast majority of North Koreans have no access to the Internet or own a computer, a policy the regime of Kim Jong-un strictly enforces to limit outside influence.

The nominee to be the next South Korean intelligence chief told MPs recently the North was suspected of being behind most of the 70,000 cyber-attacks on the country's public institutions over the past five years, local TV channel YTN reported.

North Korea recently threatened the United States with a nuclear attack and said it would bomb South Korea in response to what it says are "hostile" war games in the South by Washington and Seoul.

Threats to bomb the mainland United States are empty rhetoric as Pyongyang does not have the capacity to do so and its outdated armed forces would lose any all-out war with South Korea and Washington, military experts say.

That makes hacking an attractive, and cheaper, option.

"North Korea can't invest in fighter jets or warships, but they have put all their resources into raising hackers. Qualified talent matters to cyber warfare, not technology," said Lee Dong-hoon, an information security expert at Korea University in Seoul.

However much of North Korea's limited funds go into its nuclear and ballistic missile programmes.

The attack hit the network servers of television broadcasters YTN, MBC and KBS as well as two major commercial banks, Shinhan Bank and NongHyup Bank. South Korea's military raised its alert levels in response.

About 32,000 computers at the organisations were affected, according to the South's state-run Korea Internet Security Agency, adding it would take up to five days to fully restore their functions. It took the banks hours to restore banking services. Damage to the servers of the TV networks was believed to be more severe, although broadcasts were not affected. South Korea's military, its core power infrastructure and ports and airports were unaffected.

Investigations of past hacking of South Korean organisations have led to Pyongyang.

"There can be many inferences based on the fact that the IP address is based in China," said the South Korean communication commission's head of network policy, Park Jae-moon. "We've left open all possibilities and are trying to identify the hackers."

North Korea has in the past targeted South Korea's conservative newspapers, banks and government institutions.

The biggest hacking effort attributed to Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel, dubbed "Ten Days of Rain". 

It said that attack was a bid to probe the South's computer defences in the event of a real conflict.

However, the hacking attack doesn't appear to be state sponsored, security vendor Sophos said, noting the malicious software it detected was not sophisticated.

"It's hard to jump to the immediate conclusion that this was necessarily evidence of a cyber-warfare attack coming from North Korea," said Graham Cluley, senior technology consultant at Sophos.

North Korea last week said it had been a victim of cyber-attacks, blaming the United States and threatening retaliation.

"North Korea is able to carry out much bigger attacks than this incident such as stopping broadcasts or erasing all financial data that could panic South Korea," Lee of Korea University said.

Latest Issue

E&T cover image 1607

"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."

E&T jobs

  • Design Delivery Leader, Palace of Westminster Restoration & Renewal (R&R) - Engineering Lead

    House of Commons
    • City of Westminster, London (Greater)
    • Circa £65,000 (There may be more for an exceptional candidate)

    You will lead on a number of engineering infrastructure and associated workstreams under direction from the Deputy Director

    • Recruiter: House of Commons

    Apply for this job

  • Senior Engineer, Network Equipment

    Energy Networks Association
    • Westminster
    • £49-58k per annum, dependent on experience

    Manage issues and working groups relating to all types of equipment and assets used on the UK Transmission and Distribution Networks.

    • Recruiter: Energy Networks Association

    Apply for this job

  • Programme Manager, Network Resilience

    Energy Networks Association
    • Westminster
    • Competitive salary, dependent on experience

    Co-ordinate the network resilience, emergency planning and the Single Electricity Number (SEN) work in the ENA Engineering team.

    • Recruiter: Energy Networks Association

    Apply for this job

  • Assistant Professor (Tenure Track) of Smart Building Solutions

    Premium job

    ETH Zurich
    • Zurich, Canton of Zürich (CH)

    The successful candidate is expected to develop a strong and visible research programme in the area of control and diagnostics of building systems

    • Recruiter: ETH Zurich

    Apply for this job

  • Process Controls Leader

    Premium job

    Phillips 66
    • Humber Refinery, South Killingholme, North Lincolnshire DN40 3DW
    • £60k - 75k plus extensive Compensation and benefits package, dependent upon experience

    Experienced Process Control Leader providing leadership and technical support for Oil Refinery. Extensive Compensation and benefits package.

    • Recruiter: Phillips 66

    Apply for this job

  • Regional Technical Support Manager

    Premium job

    Siemens
    • Warwick, Warwickshire

    You will be required to lead the regional Customer Services strategy and resources to maximise Customer satisfaction.

    • Recruiter: Siemens

    Apply for this job

  • Communications Engineer

    BAE Systems
    • England, Hampshire, Portsmouth
    • Negotiable

    Communications Engineer Would you like to play a key role supporting the UK's Maritime Communications Infrastructure? We currently have a vacancy for a Communications Engineer at our site in Portsmouth. As a Communications Engineer, you will be carrying o

    • Recruiter: BAE Systems

    Apply for this job

  • MetOp-SG Receiver Project Manager

    Science and Technology Facilities Council (STFC)
    • STFC Rutherford Appleton Laboratory, Harwell, Oxfordshire
    • £37,213 - £50,926 (depending on experience)

    Project Manager to oversee the development, production and test of spaceflight components and integrated receiver systems

    • Recruiter: Science and Technology Facilities Council (STFC)

    Apply for this job

  • Financial Controller

    MBDA
    • Stevenage
    • Competitive Salary & Benefits

    An opportunity has arisen to manage a diverse range of financial controlling activities within the Equipment Team (ET) and newly Centres of Excellence (CofEx) function...

    • Recruiter: MBDA

    Apply for this job

  • Weapon System Product Support Manager

    MBDA
    • Stevenage
    • Competitive Salary & Benefits

    The Opportunity An opportunity has arisen within MBDA?s Customer Support & Services organisation for a strong competent leader to deliver a key Weapon capability primarily...

    • Recruiter: MBDA

    Apply for this job

More jobs ▶

Subscribe

Choose the way you would like to access the latest news and developments in your field.

Subscribe to E&T